{"api_version":"1","generated_at":"2026-04-22T23:52:01+00:00","cve":"CVE-2009-5018","urls":{"html":"https://cve.report/CVE-2009-5018","api":"https://cve.report/api/cve/CVE-2009-5018.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-5018","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-5018"},"summary":{"title":"CVE-2009-5018","description":"Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow context-dependent attackers to execute arbitrary code via a long command-line argument, as demonstrated by a CGI program that launches gif2png.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2011-01-14 17:00:00","updated_at":"2017-08-17 01:31:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://openwall.com/lists/oss-security/2010/11/22/1","name":"[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem","refsource":"MLIST","tags":["Patch"],"title":"oss-security - Re: CVE Request: gif2png: command-line buffer overflow problem","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072009.html","name":"20091213 [gif2png] long filename Buffer Overrun","refsource":"FULLDISC","tags":["Patch"],"title":"[Full-Disclosure] Mailing List Charter","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://security.gentoo.org/glsa/glsa-201101-01.xml","name":"GLSA-201101-01","refsource":"GENTOO","tags":[],"title":"Gentoo Linux Documentation\n--\n gif2png: User-assisted execution of arbitrary code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2010/11/21/1","name":"[oss-security] 20101121 CVE Request: gif2png: command-line buffer overflow problem","refsource":"MLIST","tags":["Patch"],"title":"oss-security - CVE Request: gif2png: command-line buffer overflow problem","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2010/3036","name":"ADV-2010-3036","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2011:009","name":"MDVSA-2011:009","refsource":"MANDRIVA","tags":[],"title":"Support / Security / Advisories / / MDVSA-2011:009 | Mandriva","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/42796","name":"42796","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Gentoo update for gif2png - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://openwall.com/lists/oss-security/2010/11/22/3","name":"[oss-security] 20101121 Re: CVE Request: gif2png: command-line buffer overflow problem","refsource":"MLIST","tags":[],"title":"oss-security - Re: CVE Request: gif2png: command-line buffer overflow problem","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/0107","name":"ADV-2011-0107","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64820","name":"gif2png-commandline-bo(64820)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=547515","name":"https://bugzilla.redhat.com/show_bug.cgi?id=547515","refsource":"CONFIRM","tags":["Exploit","Patch"],"title":"547515 – (CVE-2009-5018, CVE-2010-4694, CVE-2010-4695) CVE-2009-5018 CVE-2010-4694, CVE-2010-4695 gif2png: command-line buffer overflow problem","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2011/0023","name":"ADV-2011-0023","refsource":"VUPEN","tags":["Vendor Advisory"],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/41801","name":"41801","refsource":"BID","tags":[],"title":"gif2png Remote Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978","name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978","refsource":"CONFIRM","tags":["Patch"],"title":"#550978 - gif2png: Command line buffer overflow - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051229.html","name":"FEDORA-2010-0358","refsource":"FEDORA","tags":["Patch"],"title":"[SECURITY] Fedora 12 Update: gif2png-2.5.1-1202.fc12","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://bugs.gentoo.org/show_bug.cgi?id=346501","name":"http://bugs.gentoo.org/show_bug.cgi?id=346501","refsource":"CONFIRM","tags":[],"title":"Bug 346501 –